diff options
author | Karthik Kamath <karthik.kamath@oracle.com> | 2017-03-09 14:57:20 +0530 |
---|---|---|
committer | Karthik Kamath <karthik.kamath@oracle.com> | 2017-03-09 14:57:20 +0530 |
commit | af84921d263b8bb1d1a06989794db07394f94e21 (patch) | |
tree | 218873d2cace3e406e8ac03d81f35882b03db927 /sql/net_serv.cc | |
parent | e619295e1b480a24ee9740641ce69b8a412e1fc9 (diff) | |
download | mariadb-git-af84921d263b8bb1d1a06989794db07394f94e21.tar.gz |
BUG#24807826: UINT3KORR SHOULD STOP READING FOUR INSTEAD OF
THREE BYTES ON X86
Analysis:
=========
The macro uint3korr reads 4 bytes of data instead of 3 on
on x86 machines.
Multiple definitions were created for this macro for
optimization in WIN32. The idea was to optimize reading of
3 byte ints by reading an ordinary int and masking away the
unused byte. However this is an undefined behavior. It will
be an issue unless users are aware of allocating an extra
byte for using this macro.
Fix:
====
Removing the definition which reads 4 bytes of data. The
only definition of this macro would now read just 3 bytes
of data thus prohibiting the usage of an extra byte.
Note:
=====
This is a backport of Patches #5 and #6 for Bug#17922198.
Diffstat (limited to 'sql/net_serv.cc')
-rw-r--r-- | sql/net_serv.cc | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/sql/net_serv.cc b/sql/net_serv.cc index 9c0c84bb292..b2c36f7c29c 100644 --- a/sql/net_serv.cc +++ b/sql/net_serv.cc @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -179,12 +179,10 @@ my_bool net_realloc(NET *net, size_t length) pkt_length = (length+IO_SIZE-1) & ~(IO_SIZE-1); /* We must allocate some extra bytes for the end 0 and to be able to - read big compressed blocks + 1 safety byte since uint3korr() in - my_real_read() may actually read 4 bytes depending on build flags and - platform. + read big compressed blocks in my_real_read(). */ if (!(buff= (uchar*) my_realloc((char*) net->buff, pkt_length + - NET_HEADER_SIZE + COMP_HEADER_SIZE + 1, + NET_HEADER_SIZE + COMP_HEADER_SIZE, MYF(MY_WME)))) { /* @todo: 1 and 2 codes are identical. */ @@ -951,12 +949,11 @@ my_real_read(NET *net, size_t *complen) if (net->compress) { /* - The following uint3korr() may read 4 bytes, so make sure we don't - read unallocated or uninitialized memory. The right-hand expression - must match the size of the buffer allocated in net_realloc(). + The right-hand expression must match the size of the buffer + allocated in net_realloc(). */ DBUG_ASSERT(net->where_b + NET_HEADER_SIZE + sizeof(uint32) <= - net->max_packet + NET_HEADER_SIZE + COMP_HEADER_SIZE + 1); + net->max_packet + NET_HEADER_SIZE + COMP_HEADER_SIZE); /* If the packet is compressed then complen > 0 and contains the number of bytes in the uncompressed packet |